Previously, in auth_unix_gid, group lists were stored in an array of
hard-coded length 100, and in the situation that the group lists for a
particular call were too large, the array was swapped with a dynamically
allocated/freed buffer. For environments where users are commonly in
a large number of groups, this isn't an ideal approach.
Instead, use malloc/realloc to grow the list on an as-needed basis.
Signed-off-by: Sean Finney <sean.finney@sonyericsson.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
*/
static int cache_export_ent(char *domain, struct exportent *exp, char *p);
*/
static int cache_export_ent(char *domain, struct exportent *exp, char *p);
+#define INITIAL_MANAGED_GROUPS 100
char *lbuf = NULL;
int lbuflen = 0;
char *lbuf = NULL;
int lbuflen = 0;
*/
uid_t uid;
struct passwd *pw;
*/
uid_t uid;
struct passwd *pw;
- gid_t glist[100], *groups = glist;
- int ngroups = 100;
+ static gid_t *groups = NULL;
+ static int groups_len = 0;
+ gid_t *more_groups;
+ int ngroups = 0;
+ if (groups_len == 0) {
+ groups = malloc(sizeof(gid_t) * INITIAL_MANAGED_GROUPS);
+ if (!groups)
+ return;
+
+ groups_len = ngroups = INITIAL_MANAGED_GROUPS;
+ }
+
if (readline(fileno(f), &lbuf, &lbuflen) != 1)
return;
if (readline(fileno(f), &lbuf, &lbuflen) != 1)
return;
rv = -1;
else {
rv = getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups);
rv = -1;
else {
rv = getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups);
- if (rv == -1 && ngroups >= 100) {
- groups = malloc(sizeof(gid_t)*ngroups);
- if (!groups)
+ if (rv == -1 && ngroups >= groups_len) {
+ more_groups = realloc(groups, sizeof(gid_t)*ngroups);
+ if (!more_groups)
+ else {
+ groups = more_groups;
+ groups_len = ngroups;
rv = getgrouplist(pw->pw_name, pw->pw_gid,
groups, &ngroups);
rv = getgrouplist(pw->pw_name, pw->pw_gid,
groups, &ngroups);
}
}
qword_printuint(f, uid);
}
}
qword_printuint(f, uid);
} else
qword_printuint(f, 0);
qword_eol(f);
} else
qword_printuint(f, 0);
qword_eol(f);
-
- if (groups != glist)
- free(groups);